Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Jan 2000 03:10:09 -0500 (EST)
From:      Mike Nowlin <mike@argos.org>
To:        Frank Bonnet <bonnetf@bart.esiee.fr>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: IP address abuse ...
Message-ID:  <Pine.LNX.4.05.10001140250430.32763-100000@jason.argos.org>
In-Reply-To: <200001111057.LAA17219@bart.esiee.fr>

next in thread | previous in thread | raw e-mail | index | archive | help

> Our primary DNS runs FreeBSD and we are facing
> a boring problem , some stupid student has 
> put the same IP address than the DNS on a Linux (mandrake)
> machine , then our FreeBSD said "someone has taken my IP address"
> and stop to serve our LAN ... 

Execute him.  Violently.  Lots of blood and guts.

> Is it possible with FreeBSD to avoid such trouble ?
> ( arpwatch is running on this machine )

Without trying this (not willing to screw up any networks right now with
the amount of brain-numbing liquid in my system at the current time), I'd
imagine you could side-step around the problem with one of the following:

1)  a static arp entry on the FBSD box that tells it where a certain IP
address should be (yours).

2)  Possibly (?) an IPFW rule something like "deny udp from 10.1.1.1 in
via fxp0" to keep your system from seeing anything coming in through fxp0
with your IP address.  (Depending on where in the tree the IPFW rules are
applied, it may also prevent your machine from seeing itself on that IP
address -- Linux does have some problems with this, and I haven't tested
how FBSD handles it.)

3)  If you're on some sort on intelligently-switched network, you should
be able to smack down any packets coming from his ethernet address.  If
the switch is really smart, you can kill packets on an IP/Port level, and
keep him from sending anything out on port 53, either TCP or UDP with a
given source/dest IP address, while still allowing him to telnet to the
"daytime" port on the local HPUX machine.

(Someone else posted:)

>So stick with the sledgehammer.  I don't think there is one in the ports
>collection, but you should be able to get one from a local hardware
>store!

Or the sledge that I have symbolically sitting next to my desk -- yes, I
have used it on a couple of old TRS-80 CoCo's...  It was fun.....  :)


(And someone else posted:)
>The student is disrupting network services. Don't you have a policy to
>deal with this? (Perhaps expulsion from school if he won't change the
>IP.)

Just threaten him with legal action.  Disrupting systems is usually a very
serious offense, especially with government-funded schools.  If that
doesn't work, a few well-planned words passed to a couple of local
fraternities can work nicely.... :)

--mike




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.10001140250430.32763-100000>